Vulnerabilities: Attackers can crash IBM App Connect Enterprise
Important security updates close several vulnerabilities in various IBM applications.
(Image: Alfa Photo/Shutterstock.com)
IBM App Connect Enterprise, License Metric Tool v9, WebSphere Application Server, and WebSphere Application Server Liberty are vulnerable. Attackers can exploit several vulnerabilities to attack systems.
Attacks possible
In a warning message, IBM developers state that App Connect Enterprise is vulnerable due to a total of four flaws. Two of these vulnerabilities (CVE-2026-61140, CVE-2026-25547) are considered “critical,” and attackers can cause crashes through DoS attacks, among other things.
The developers assure that the problems have been resolved in IBM App Connect Enterprise v12- Fix Pack Release 12.0.12.23 and IBM App Connect Enterprise v13- Fix Pack Release 13.0.6.2. So far, there are no indications from the software manufacturer that attackers are already exploiting the security vulnerabilities.
Videos by heise
WebSphere Application Server and WebSphere Application Server Liberty are also susceptible to DoS attacks. Apparently, no specific security patch is available yet, so IBM provides admins with a fix pack. Further information can be found in a warning message.
According to a post, License Metric Tool v9 is vulnerable via a “critical” flaw (CVE-2026-1188). The description reads as if attackers could execute malicious code. Version 9.2.42 provides a remedy here.
Finally, IBM developers closed vulnerabilities in Tivoli Netcool/OMNIbus, among others.
(des)
